
Revision 71706315

Added by Andreas Kohlbecker over 5 years ago

ref #6867 using runAsAuthentication ROLE_USERMANAGER to grant per entity authorities


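--- a/src/main/java/eu/etaxonomy/cdm/service/CdmUserHelper.java
+++ b/src/main/java/eu/etaxonomy/cdm/service/CdmUserHelper.java
@@ -14,6 +14,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -24,6 +25,7 @@
 import com.vaadin.spring.annotation.UIScope;
 
 import eu.etaxonomy.cdm.api.application.CdmRepository;
+import eu.etaxonomy.cdm.api.application.RunAsAuthenticator;
 import eu.etaxonomy.cdm.database.PermissionDeniedException;
 import eu.etaxonomy.cdm.model.common.CdmBase;
 import eu.etaxonomy.cdm.model.common.User;
@@ -53,8 +55,16 @@
     @Qualifier("cdmRepository")
     private CdmRepository repo;
 
+    @Autowired
+    @Qualifier("runAsAuthenticationProvider")
+    AuthenticationProvider runAsAuthenticationProvider;
+
+    RunAsAuthenticator runAsAutheticator = new RunAsAuthenticator();
+
     public CdmUserHelper(){
         super();
+        runAsAutheticator.setRunAsAuthenticationProvider(runAsAuthenticationProvider);
+
     }
 
     @Override
@@ -179,73 +189,63 @@
     }
 
     /**
-     * @param username
-     * @param cdmType
-     * @param entitiyId
-     * @param crud
-     * @return
+     * {@inheritDoc}
      */
     @Override
-    public void createAuthorityFor(String username, Class<? extends CdmBase> cdmType, Integer entitiyId, EnumSet<CRUD> crud, String property) {
+    public void createAuthorityFor(String username, CdmBase cdmEntity, EnumSet<CRUD> crud, String property) {
         UserDetails userDetails = repo.getUserService().loadUserByUsername(username);
         if(userDetails != null){
+            runAsAutheticator.runAsAuthentication(Role.ROLE_USER_MANAGER);
             User user = (User)userDetails;
-            CdmBase entity = repo.getCommonService().find(cdmType, entitiyId);
-            CdmAuthority authority = new CdmAuthority(entity, property, crud);
+            CdmAuthority authority = new CdmAuthority(cdmEntity, property, crud);
             try {
                 user.getGrantedAuthorities().add(authority.asNewGrantedAuthority());
             } catch (CdmAuthorityParsingException e) {
                 throw new RuntimeException(e);
             }
             repo.getSession().flush();
+            runAsAutheticator.restoreAuthentication();
             logger.debug("new authority for " + username + ": " + authority.toString());
             Authentication authentication = new PreAuthenticatedAuthenticationToken(user, user.getPassword(), user.getAuthorities());
             SecurityContextHolder.getContext().setAuthentication(authentication);
             logger.debug("security context refreshed with user " + username);
         }
+
     }
 
     /**
+     * @param username
      * @param cdmType
      * @param entitiyId
      * @param crud
      * @return
      */
     @Override
-    public void createAuthorityForCurrentUser(Class<? extends CdmBase> cdmType, Integer entitiyId, EnumSet<CRUD> crud, String property) {
-        createAuthorityFor(userName(), cdmType, entitiyId, crud, property);
+    public void createAuthorityFor(String username, Class<? extends CdmBase> cdmType, Integer entitiyId, EnumSet<CRUD> crud, String property) {
+
+        CdmBase cdmEntity = repo.getCommonService().find(cdmType, entitiyId);
+
+        createAuthorityFor(username,cdmEntity, crud, property);
     }
 
     /**
      * {@inheritDoc}
      */
     @Override
-    public void createAuthorityFor(String username, CdmBase cdmEntity, EnumSet<CRUD> crud, String property) {
-        UserDetails userDetails = repo.getUserService().loadUserByUsername(username);
-        if(userDetails != null){
-            User user = (User)userDetails;
-            CdmAuthority authority = new CdmAuthority(cdmEntity, property, crud);
-            try {
-                user.getGrantedAuthorities().add(authority.asNewGrantedAuthority());
-            } catch (CdmAuthorityParsingException e) {
-                throw new RuntimeException(e);
-            }
-            repo.getSession().flush();
-            logger.debug("new authority for " + username + ": " + authority.toString());
-            Authentication authentication = new PreAuthenticatedAuthenticationToken(user, user.getPassword(), user.getAuthorities());
-            SecurityContextHolder.getContext().setAuthentication(authentication);
-            logger.debug("security context refreshed with user " + username);
-        }
+    public void createAuthorityForCurrentUser(CdmBase cdmEntity, EnumSet<CRUD> crud, String property) {
+        createAuthorityFor(userName(), cdmEntity, crud, property);
 
     }
 
     /**
-     * {@inheritDoc}
+     * @param cdmType
+     * @param entitiyId
+     * @param crud
+     * @return
      */
     @Override
-    public void createAuthorityForCurrentUser(CdmBase cdmEntity, EnumSet<CRUD> crud, String property) {
-        createAuthorityFor(userName(), cdmEntity, crud, property);
-
+    public void createAuthorityForCurrentUser(Class<? extends CdmBase> cdmType, Integer entitiyId, EnumSet<CRUD> crud, String property) {
+        createAuthorityFor(userName(), cdmType, entitiyId, crud, property);
     }
 
 }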
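Review bot: In `createAuthorityFor(String username, CdmBase cdmEntity, …)` the switch to `Role.ROLE_USER_MANAGER` is not undone on the failure paths, because `restoreAuthentication()` is reached only when `flush()` returns normally. The `RuntimeException` that wraps `CdmAuthorityParsingException`, or any exception thrown by the flush, would presumably leave the run-as authentication active for whatever code runs next in that context. The elevated section should sit in a `try`/`finally` so the restore always runs and the privileged window covers only the grant and the flush. Separately, the constructor hands `runAsAuthenticationProvider` to the authenticator before Spring can have injected the `@Autowired` field, so the value passed is most likely still null; doing that wiring in a `@PostConstruct` method would pass the injected provider instead.

```java
            runAsAutheticator.runAsAuthentication(Role.ROLE_USER_MANAGER);
            try {
                // … unchanged: build the CdmAuthority and add it to user.getGrantedAuthorities() …
                repo.getSession().flush();
            } finally {
                // always drop ROLE_USER_MANAGER again, also when the grant or the flush throws
                runAsAutheticator.restoreAuthentication();
            }
```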
